author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-20 14:04:37 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-04-20 14:05:34 +0200 |
commit | 684c7b3582001da7a9f77fff162fa12b2c678446 (patch) | |
tree | 009a6c89fd5b755db765bfa1043526cf0941a429 /lib | |
parent | 794b13da74d184ede5843803f36fcae6688bf774 (diff) | |
Check for invalid length in the X.509 version field
If such an invalid length is detected, reject the certificate.
Reported by Hanno Böck.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/x509/x509.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 8e5948becf..d4df162712 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -347,7 +347,13 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert,
 }
 /* enforce the rule that only version 3 certificates carry extensions */
- version = gnutls_x509_crt_get_version(cert);
+ result = gnutls_x509_crt_get_version(cert);
+ if (result < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ version = result;
 if (version < 3) {
 gnutls_datum_t exts;
 result = _gnutls_x509_get_raw_field2(cert->cert, &cert->der,
@@ -741,6 +747,9 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert)
 return _gnutls_asn2err(result);
 }
+ if (len == 0)
+ return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);
+
 return (int) version[0] + 1;
 }
|
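Review bot: The new `result < 0` branch in gnutls_x509_crt_import carries no comment saying why a version failure is now fatal, and the comment above it only describes the extensions rule. A line such as `/* a malformed version field (e.g. zero length) makes the certificate invalid; reject it */` above `result = gnutls_x509_crt_get_version(cert);` would record the intent. The `cleanup` label is outside the hunk, so it is worth confirming that it returns `result` and releases what the import has already populated. Any other caller that compares the return of gnutls_x509_crt_get_version against a version number without first checking for a negative value would still read an error code as a pre-v3 certificate, as this call site did before the change.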
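Review bot: The added `len == 0` check in gnutls_x509_crt_get_version rejects only an empty version field; a field longer than one byte still reaches `return (int) version[0] + 1;`, which looks at the first byte alone, so a padded or multi-byte INTEGER is accepted as whatever version its first byte suggests. A valid X.509 version is a single byte (0, 1 or 2), so the guard could be tightened to `if (len != 1) return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR);`, and it may also be worth rejecting a first byte with the high bit set. The declarations of `version` and `len` and the read that fills them are outside the hunk, so this assumes `len` holds the decoded length of the field.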